<!DOCTYPE html>





<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 3.9.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/favicon.ico?v=7.4.0">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon.ico?v=7.4.0">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon.ico?v=7.4.0">
  <link rel="mask-icon" href="/images/logo.svg?v=7.4.0" color="#222">

<link rel="stylesheet" href="/css/main.css?v=7.4.0">


<link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css?v=4.7.0">


<script id="hexo-configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Gemini',
    version: '7.4.0',
    exturl: false,
    sidebar: {"position":"left","display":"post","offset":12,"onmobile":false,"dimmer":false},
    copycode: {"enable":false,"show_result":false,"style":null},
    back2top: {"enable":true,"sidebar":false,"scrollpercent":false},
    bookmark: {"enable":false,"color":"#222","save":"auto"},
    fancybox: false,
    mediumzoom: false,
    lazyload: false,
    pangu: false,
    algolia: {
      appID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    },
    localsearch: {"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},
    path: 'search.json',
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    translation: {
      copy_button: '复制',
      copy_success: '复制成功',
      copy_failure: '复制失败'
    },
    sidebarPadding: 40
  };
</script>

  <meta name="description" content="0. 前言OpenVPN 是一个健壮的、高度灵活的 VPN 守护进程。它支持 SSL/TLS 安全、Ethernet bridging、经由代理的 TCP 或 UDP 隧道和 NAT。另外，它也支持动态 IP 地址以及 DHCP，可伸缩性足以支持数百或数千用户的使用场景，同时可移植至大多数主流操作系统平台上。 安装openvpn1sudo apt install openvpn">
<meta name="keywords" content="linux,openvpn">
<meta property="og:type" content="article">
<meta property="og:title" content="openvpn搭建虚拟局域网">
<meta property="og:url" content="https://unix2dos.github.io/p/a84d9911.html">
<meta property="og:site_name" content="Levon&#39;s Blog">
<meta property="og:description" content="0. 前言OpenVPN 是一个健壮的、高度灵活的 VPN 守护进程。它支持 SSL/TLS 安全、Ethernet bridging、经由代理的 TCP 或 UDP 隧道和 NAT。另外，它也支持动态 IP 地址以及 DHCP，可伸缩性足以支持数百或数千用户的使用场景，同时可移植至大多数主流操作系统平台上。 安装openvpn1sudo apt install openvpn">
<meta property="og:locale" content="zh-CN">
<meta property="og:updated_time" content="2019-11-23T09:09:38.324Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="openvpn搭建虚拟局域网">
<meta name="twitter:description" content="0. 前言OpenVPN 是一个健壮的、高度灵活的 VPN 守护进程。它支持 SSL/TLS 安全、Ethernet bridging、经由代理的 TCP 或 UDP 隧道和 NAT。另外，它也支持动态 IP 地址以及 DHCP，可伸缩性足以支持数百或数千用户的使用场景，同时可移植至大多数主流操作系统平台上。 安装openvpn1sudo apt install openvpn">
  <link rel="canonical" href="https://unix2dos.github.io/p/a84d9911">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome: false,
    isPost: true,
    isPage: false,
    isArchive: false
  };
</script>

  <title>openvpn搭建虚拟局域网 | Levon's Blog</title>
  








  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .logo,
  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-CN">
  <div class="container use-motion">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-meta">

    <div>
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">Levon's Blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
        <h1 class="site-subtitle" itemprop="description">微信:  L6241425</h1>
      
  </div>

  <div class="site-nav-toggle">
    <button aria-label="切换导航栏">
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>


<nav class="site-nav">
  
  <ul id="menu" class="menu">
      
      
      
        
        <li class="menu-item menu-item-home">
      
    

    <a href="/" rel="section"><i class="menu-item-icon fa fa-fw fa-home"></i> <br>首页</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-archives">
      
    

    <a href="/archives/" rel="section"><i class="menu-item-icon fa fa-fw fa-archive"></i> <br>时光</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-categories">
      
    

    <a href="/categories/" rel="section"><i class="menu-item-icon fa fa-fw fa-th"></i> <br>分类</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-tags">
      
    

    <a href="/tags/" rel="section"><i class="menu-item-icon fa fa-fw fa-tags"></i> <br>标签</a>

  </li>
      <li class="menu-item menu-item-search">
        <a href="javascript:;" class="popup-trigger">
        
          <i class="menu-item-icon fa fa-search fa-fw"></i> <br>搜索</a>
      </li>
    
  </ul>

</nav>
  <div class="site-search">
    <div class="popup search-popup">
    <div class="search-header">
  <span class="search-icon">
    <i class="fa fa-search"></i>
  </span>
  <div class="search-input-container">
    <input autocomplete="off" autocorrect="off" autocapitalize="none"
           placeholder="搜索..." spellcheck="false"
           type="text" id="search-input">
  </div>
  <span class="popup-btn-close">
    <i class="fa fa-times-circle"></i>
  </span>
</div>
<div id="search-result"></div>

</div>
<div class="search-pop-overlay"></div>

  </div>
</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
            

          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
      <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block post">
    <link itemprop="mainEntityOfPage" href="https://unix2dos.github.io/p/a84d9911.html">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Levon">
      <meta itemprop="description" content="Never Give Up">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Levon's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">openvpn搭建虚拟局域网

          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2019-11-23 16:11:40 / 修改时间：17:09:38" itemprop="dateCreated datePublished" datetime="2019-11-23T16:11:40+08:00">2019-11-23</time>
            </span>
          
            

            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/2-linux系统/" itemprop="url" rel="index"><span itemprop="name">2-linux系统</span></a></span>

                
                
                  ，
                
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/2-linux系统/系统/" itemprop="url" rel="index"><span itemprop="name">系统</span></a></span>

                
                
              
            </span>
          

          
  
  <span class="post-meta-item">
    
      <span class="post-meta-item-icon">
        <i class="fa fa-comment-o"></i>
      </span>
        
      
      <span class="post-meta-item-text">Disqus：</span>
    
    <a title="disqus" href="/p/a84d9911.html#comments" itemprop="discussionUrl"><span class="post-comments-count disqus-comment-count" data-disqus-identifier="p/a84d9911.html" itemprop="commentCount"></span></a>
  </span>
  
  
          <br>
            <span class="post-meta-item" title="本文字数">
              <span class="post-meta-item-icon">
                <i class="fa fa-file-word-o"></i>
              </span>
              
                <span class="post-meta-item-text">本文字数：</span>
              
              <span>4k</span>
            </span>
          
            <span class="post-meta-item" title="阅读时长">
              <span class="post-meta-item-icon">
                <i class="fa fa-clock-o"></i>
              </span>
              
                <span class="post-meta-item-text">阅读时长 &asymp;</span>
              
              <span>4 分钟</span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <h3 id="0-前言"><a href="#0-前言" class="headerlink" title="0. 前言"></a>0. 前言</h3><p>OpenVPN 是一个健壮的、高度灵活的 <a href="https://en.wikipedia.org/wiki/VPN" target="_blank" rel="noopener">VPN</a> 守护进程。它支持 <a href="https://en.wikipedia.org/wiki/SSL/TLS" target="_blank" rel="noopener">SSL/TLS</a> 安全、<a href="https://en.wikipedia.org/wiki/Bridging_(networking)" target="_blank" rel="noopener">Ethernet bridging</a>、经由<a href="https://en.wikipedia.org/wiki/Proxy_server" target="_blank" rel="noopener">代理</a>的 <a href="https://en.wikipedia.org/wiki/Transmission_Control_Protocol" target="_blank" rel="noopener">TCP</a> 或 <a href="https://en.wikipedia.org/wiki/User_Datagram_Protocol" target="_blank" rel="noopener">UDP</a> <a href="https://en.wikipedia.org/wiki/Tunneling_protocol" target="_blank" rel="noopener">隧道</a>和 <a href="https://en.wikipedia.org/wiki/Network_address_translation" target="_blank" rel="noopener">NAT</a>。另外，它也支持动态 IP 地址以及 <a href="https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol" target="_blank" rel="noopener">DHCP</a>，可伸缩性足以支持数百或数千用户的使用场景，同时可移植至大多数主流操作系统平台上。</p>
<h5 id="安装openvpn"><a href="#安装openvpn" class="headerlink" title="安装openvpn"></a>安装openvpn</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo apt install openvpn</span><br></pre></td></tr></table></figure>

<a id="more"></a>



<h3 id="1-生成证书"><a href="#1-生成证书" class="headerlink" title="1. 生成证书"></a>1. 生成证书</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/OpenVPN/easy-rsa</span><br><span class="line"><span class="built_in">cd</span> easyrsa3</span><br></pre></td></tr></table></figure>

<h5 id="1-1-生成-CA"><a href="#1-1-生成-CA" class="headerlink" title="1.1 生成 CA"></a>1.1 生成 CA</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">./easyrsa init-pki</span><br><span class="line"></span><br><span class="line">./easyrsa build-ca  </span><br><span class="line"><span class="comment"># 输入密码: 123456</span></span><br><span class="line">Common Name: OpenVPN-CA</span><br></pre></td></tr></table></figure>

<p>pki文件夹下会生成 ca.crt</p>
<h5 id="1-2-生成server和-client-公钥私钥对"><a href="#1-2-生成server和-client-公钥私钥对" class="headerlink" title="1.2 生成server和 client 公钥私钥对"></a>1.2 生成server和 client 公钥私钥对</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">./easyrsa build-server-full server</span><br><span class="line"></span><br><span class="line">./easyrsa build-client-full client1</span><br><span class="line">./easyrsa build-client-full client2</span><br><span class="line">./easyrsa build-client-full client3</span><br></pre></td></tr></table></figure>

<p>pki/private 是私有的 key</p>
<p>pki/issued 是公有的 key</p>
<h5 id="1-3-生成Diffie-Hellman-pem"><a href="#1-3-生成Diffie-Hellman-pem" class="headerlink" title="1.3 生成Diffie-Hellman pem"></a>1.3 生成Diffie-Hellman pem</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">./easyrsa gen-dh</span><br></pre></td></tr></table></figure>

<p>pki 文件夹下生成了 dh.pem</p>
<h5 id="1-4-现在我们有了"><a href="#1-4-现在我们有了" class="headerlink" title="1.4 现在我们有了"></a>1.4 现在我们有了</h5><table>
<thead>
<tr>
<th><strong>Filename</strong></th>
<th><strong>Needed By</strong></th>
<th><strong>Purpose</strong></th>
<th><strong>Secret</strong></th>
</tr>
</thead>
<tbody><tr>
<td>ca.crt</td>
<td>server + all clients</td>
<td>Root CA certificate</td>
<td>NO</td>
</tr>
<tr>
<td>ca.key</td>
<td>key signing machine only</td>
<td>Root CA key</td>
<td>YES</td>
</tr>
<tr>
<td>dh{n}.pem</td>
<td>server only</td>
<td>Diffie Hellman parameters</td>
<td>NO</td>
</tr>
<tr>
<td>server.crt</td>
<td>server only</td>
<td>Server Certificate</td>
<td>NO</td>
</tr>
<tr>
<td>server.key</td>
<td>server only</td>
<td>Server Key</td>
<td>YES</td>
</tr>
<tr>
<td>client1.crt</td>
<td>client1 only</td>
<td>Client1 Certificate</td>
<td>NO</td>
</tr>
<tr>
<td>client1.key</td>
<td>client1 only</td>
<td>Client1 Key</td>
<td>YES</td>
</tr>
<tr>
<td>client2.crt</td>
<td>client2 only</td>
<td>Client2 Certificate</td>
<td>NO</td>
</tr>
<tr>
<td>client2.key</td>
<td>client2 only</td>
<td>Client2 Key</td>
<td>YES</td>
</tr>
<tr>
<td>client3.crt</td>
<td>client3 only</td>
<td>Client3 Certificate</td>
<td>NO</td>
</tr>
<tr>
<td>client3.key</td>
<td>client3 only</td>
<td>Client3 Key</td>
<td>YES</td>
</tr>
</tbody></table>
<h3 id="2-配置文件"><a href="#2-配置文件" class="headerlink" title="2. 配置文件"></a>2. 配置文件</h3><p>在安装目录下(<code>/usr/share/doc/openvpn/examples/sample-config-files</code>)找到配置 <code>server.conf</code> and <code>client.conf</code></p>
<p>如果只有有 server.conf.gz 的话, 需要解压</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">gunzip -c server.conf.gz &gt; server.conf</span><br></pre></td></tr></table></figure>

<h5 id="2-1-服务端修改证书路径"><a href="#2-1-服务端修改证书路径" class="headerlink" title="2.1  服务端修改证书路径"></a>2.1  服务端修改证书路径</h5><p>Before you use the sample configuration file, you should first edit the <strong>ca</strong>, <strong>cert</strong>, <strong>key</strong>, and <strong>dh</strong> parameters to point to the files you generated in the <a href="https://openvpn.net/community-resources/how-to/#setting-up-your-own-certificate-authority-ca-and-generating-certificates-and-keys-for-an-openvpn-server-and-multiple-clients" target="_blank" rel="noopener">PKI</a> section above.</p>
<h5 id="2-2-服务端dev-模式可以修改-tap-tun"><a href="#2-2-服务端dev-模式可以修改-tap-tun" class="headerlink" title="2.2 服务端dev 模式可以修改  tap tun"></a>2.2 服务端dev 模式可以修改  tap tun</h5><h5 id="2-3-服务端修改-ip-范围"><a href="#2-3-服务端修改-ip-范围" class="headerlink" title="2.3 服务端修改 ip 范围"></a>2.3 服务端修改 ip 范围</h5><p>If you want to use a virtual IP address range other than <code>10.8.0.0/24</code>, you should modify the <code>server</code> directive. Remember that this virtual IP address range should be a private range which is currently unused on your network.</p>
<p>The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (codified in RFC 1918):</p>
<table>
<thead>
<tr>
<th>10.0.0.0</th>
<th>10.255.255.255</th>
<th>(10/8 prefix)</th>
</tr>
</thead>
<tbody><tr>
<td>172.16.0.0</td>
<td>172.31.255.255</td>
<td>(172.16/12 prefix)</td>
</tr>
<tr>
<td>192.168.0.0</td>
<td>192.168.255.255</td>
<td>(192.168/16 prefix)</td>
</tr>
</tbody></table>
<p>The best candidates are subnets in the middle of the vast 10.0.0.0/8 netblock (for example 10.66.77.0/24).</p>
<h5 id="2-4-服务端修改-client-之间可连接"><a href="#2-4-服务端修改-client-之间可连接" class="headerlink" title="2.4 服务端修改 client 之间可连接"></a>2.4 服务端修改 client 之间可连接</h5><p>Uncomment out the <code>client-to-client</code> directive if you would like connecting clients to be able to reach each other over the VPN. By default, clients will only be able to reach the server.</p>
<h5 id="2-5-服务端修改-user-和-group"><a href="#2-5-服务端修改-user-和-group" class="headerlink" title="2.5 服务端修改 user 和 group"></a>2.5 服务端修改 user 和 group</h5><p>If you are using Linux, BSD, or a Unix-like OS, you can improve security by uncommenting out the <strong>user nobody</strong> and <strong>group nobody</strong> directives.</p>
<h5 id="2-6-客户端修改证书路径"><a href="#2-6-客户端修改证书路径" class="headerlink" title="2.6 客户端修改证书路径"></a>2.6 客户端修改证书路径</h5><p><code>ca</code>, <code>cert</code>, <code>key</code></p>
<h5 id="2-7-客户端修改-remote-参数"><a href="#2-7-客户端修改-remote-参数" class="headerlink" title="2.7 客户端修改 remote 参数"></a>2.7 客户端修改 remote 参数</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">remote my-server-1 1194</span><br></pre></td></tr></table></figure>

<h5 id="2-8-服务器和客户端的-dev-tun-or-tap-and-proto-udp-or-tcp-要一致"><a href="#2-8-服务器和客户端的-dev-tun-or-tap-and-proto-udp-or-tcp-要一致" class="headerlink" title="2.8 服务器和客户端的 dev (tun or tap) and proto (udp or tcp) 要一致"></a>2.8 服务器和客户端的 <code>dev</code> (tun or tap) and <code>proto</code> (udp or tcp) 要一致</h5><h3 id="3-启动使用"><a href="#3-启动使用" class="headerlink" title="3. 启动使用"></a>3. 启动使用</h3><h5 id="3-1-启动-server"><a href="#3-1-启动-server" class="headerlink" title="3.1 启动 server"></a>3.1 启动 server</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo openvpn /etc/openvpn/server.conf</span><br></pre></td></tr></table></figure>

<p>成功启动以后会发现多了一个 tun 网口</p>
<p>如遇到错误: <a href="https://unix.stackexchange.com/questions/359428/open-vpn-options-error-tls-auth-fails-with-ta-key-no-such-file-or-director" target="_blank" rel="noopener">Open VPN options error: –tls-auth fails with ‘ta.key’: no such file or directory</a></p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo openvpn --genkey --secret /etc/openvpn/certs/ta.key</span><br></pre></td></tr></table></figure>

<h5 id="3-2-启动-client"><a href="#3-2-启动-client" class="headerlink" title="3.2 启动 client"></a>3.2 启动 client</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo openvpn /etc/openvpn/client.conf</span><br></pre></td></tr></table></figure>

<p>如遇到错误: Authenticate/Decrypt packet error: packet HMAC authentication failed, 配置文件里,</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">tls-auth /etc/openvpn/certs/ta.key 0  <span class="comment">#服务器用0</span></span><br><span class="line"></span><br><span class="line">tls-auth /etc/openvpn/certs/ta.key 1  <span class="comment">#客户端用1</span></span><br></pre></td></tr></table></figure>

<p>注意, 这个 key 是同一个, 在服务器生成, 不是每个都生成一次</p>
<h5 id="3-3-测试"><a href="#3-3-测试" class="headerlink" title="3.3 测试"></a>3.3 测试</h5><p>在客户端  <code>ping 10.8.0.1</code></p>
<p>If the ping succeeds, congratulations! You now have a functioning VPN.</p>
<p>我们也可以 <code>ssh user@10.8.0.1</code> 发现也可以</p>
<h5 id="3-4-mac-使用"><a href="#3-4-mac-使用" class="headerlink" title="3.4 mac 使用"></a>3.4 mac 使用</h5><p><a href="https://tunnelblick.net/" target="_blank" rel="noopener">https://tunnelblick.net/</a> 下载安装包</p>
<p>可以生成.ovpn 文件, 参考<a href="https://serverfault.com/a/483967" target="_blank" rel="noopener">https://serverfault.com/a/483967</a></p>
<h3 id="4-openvpn服务"><a href="#4-openvpn服务" class="headerlink" title="4. openvpn服务"></a>4. openvpn服务</h3><h5 id="4-1-server-service"><a href="#4-1-server-service" class="headerlink" title="4.1 server service"></a>4.1 server service</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">sudo systemctl start openvpn@server.service</span><br><span class="line"></span><br><span class="line">sudo systemctl <span class="built_in">enable</span> openvpn@server.service</span><br></pre></td></tr></table></figure>

<p>需要输入密码请这样</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo systemd-tty-ask-password-agent</span><br></pre></td></tr></table></figure>

<h5 id="4-2-client-service"><a href="#4-2-client-service" class="headerlink" title="4.2 client service"></a>4.2 client service</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">sudo systemctl start openvpn@client.service</span><br><span class="line"></span><br><span class="line">sudo systemctl <span class="built_in">enable</span> openvpn@client.service</span><br></pre></td></tr></table></figure>

<h3 id="5-客户端分配固定-IP"><a href="#5-客户端分配固定-IP" class="headerlink" title="5. 客户端分配固定 IP"></a>5. 客户端分配固定 IP</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cd</span> /etc/openvpn</span><br><span class="line">mkdir ccd</span><br><span class="line"></span><br><span class="line"><span class="comment"># 配置文件修改client-config-dir</span></span><br><span class="line">vim server.conf</span><br><span class="line">client-config-dir ccd</span><br><span class="line"></span><br><span class="line"><span class="comment">#在ccd文件夹下建立以用户名(Common Name)为名称的文件</span></span><br><span class="line"><span class="built_in">cd</span> ccd</span><br><span class="line"></span><br><span class="line">vi client1</span><br><span class="line">ifconfig-push 10.8.0.2 255.255.255.0</span><br><span class="line"></span><br><span class="line">vi client2</span><br><span class="line">ifconfig-push 10.8.0.3 255.255.255.0</span><br></pre></td></tr></table></figure>

<h3 id="6-参考资料"><a href="#6-参考资料" class="headerlink" title="6. 参考资料"></a>6. 参考资料</h3><ul>
<li><p><a href="https://openvpn.net/community-resources/how-to/" target="_blank" rel="noopener">https://openvpn.net/community-resources/how-to/</a></p>
</li>
<li><p><a href="https://github.com/OpenVPN/easy-rsa" target="_blank" rel="noopener">https://github.com/OpenVPN/easy-rsa</a></p>
</li>
<li><p><a href="https://tunnelblick.net/" target="_blank" rel="noopener">https://tunnelblick.net/</a></p>
</li>
<li><p><a href="https://community.openvpn.net/openvpn/wiki/Concepts-Addressing" target="_blank" rel="noopener">https://community.openvpn.net/openvpn/wiki/Concepts-Addressing</a></p>
</li>
</ul>

    </div>

    
    
    
        
      
        <div id="reward-container">
  <div>坚持原创技术分享，您的支持将鼓励我继续创作, 一个耿直的笑脸~</div>
  <button id="reward-button" disable="enable" onclick="var qr = document.getElementById(&quot;qr&quot;); qr.style.display = (qr.style.display === 'none') ? 'block' : 'none';">
    打赏
  </button>
  <div id="qr" style="display: none;">
        
      
      <div style="display: inline-block">
        <img src="/images/wechatpay.jpg" alt="Levon 微信支付">
        <p>微信支付</p>
      </div>
        
      
      <div style="display: inline-block">
        <img src="/images/alipay.jpg" alt="Levon 支付宝">
        <p>支付宝</p>
      </div>

  </div>
</div>

      

      <footer class="post-footer">
          
            
          
          <div class="post-tags">
            
              <a href="/tags/linux/" rel="tag"># linux</a>
            
              <a href="/tags/openvpn/" rel="tag"># openvpn</a>
            
          </div>
        

        

          <div class="post-nav">
            <div class="post-nav-next post-nav-item">
              
                <a href="/p/4cf47ff4.html" rel="next" title="Makefile的编写规则">
                  <i class="fa fa-chevron-left"></i> Makefile的编写规则
                </a>
              
            </div>

            <span class="post-nav-divider"></span>

            <div class="post-nav-prev post-nav-item">
              
                <a href="/p/48fcb916.html" rel="prev" title="【转载】如何超过大多数人">
                  【转载】如何超过大多数人 <i class="fa fa-chevron-right"></i>
                </a>
              
            </div>
          </div>
        
      </footer>
    
  </div>
  
  
  
  </article>

  </div>


          </div>
          
    
    
  <div class="comments" id="comments">
    <div id="disqus_thread">
      <noscript>Please enable JavaScript to view the comments powered by Disqus.</noscript>
    </div>
  </div>
  
  

        </div>
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">
        
        
        
        
      

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#0-前言"><span class="nav-number">1.</span> <span class="nav-text">0. 前言</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#安装openvpn"><span class="nav-number">1.0.1.</span> <span class="nav-text">安装openvpn</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#1-生成证书"><span class="nav-number">2.</span> <span class="nav-text">1. 生成证书</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#1-1-生成-CA"><span class="nav-number">2.0.1.</span> <span class="nav-text">1.1 生成 CA</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-2-生成server和-client-公钥私钥对"><span class="nav-number">2.0.2.</span> <span class="nav-text">1.2 生成server和 client 公钥私钥对</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-生成Diffie-Hellman-pem"><span class="nav-number">2.0.3.</span> <span class="nav-text">1.3 生成Diffie-Hellman pem</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-4-现在我们有了"><span class="nav-number">2.0.4.</span> <span class="nav-text">1.4 现在我们有了</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#2-配置文件"><span class="nav-number">3.</span> <span class="nav-text">2. 配置文件</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#2-1-服务端修改证书路径"><span class="nav-number">3.0.1.</span> <span class="nav-text">2.1  服务端修改证书路径</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-2-服务端dev-模式可以修改-tap-tun"><span class="nav-number">3.0.2.</span> <span class="nav-text">2.2 服务端dev 模式可以修改  tap tun</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-3-服务端修改-ip-范围"><span class="nav-number">3.0.3.</span> <span class="nav-text">2.3 服务端修改 ip 范围</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-4-服务端修改-client-之间可连接"><span class="nav-number">3.0.4.</span> <span class="nav-text">2.4 服务端修改 client 之间可连接</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-5-服务端修改-user-和-group"><span class="nav-number">3.0.5.</span> <span class="nav-text">2.5 服务端修改 user 和 group</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-6-客户端修改证书路径"><span class="nav-number">3.0.6.</span> <span class="nav-text">2.6 客户端修改证书路径</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-7-客户端修改-remote-参数"><span class="nav-number">3.0.7.</span> <span class="nav-text">2.7 客户端修改 remote 参数</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#2-8-服务器和客户端的-dev-tun-or-tap-and-proto-udp-or-tcp-要一致"><span class="nav-number">3.0.8.</span> <span class="nav-text">2.8 服务器和客户端的 dev (tun or tap) and proto (udp or tcp) 要一致</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#3-启动使用"><span class="nav-number">4.</span> <span class="nav-text">3. 启动使用</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#3-1-启动-server"><span class="nav-number">4.0.1.</span> <span class="nav-text">3.1 启动 server</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#3-2-启动-client"><span class="nav-number">4.0.2.</span> <span class="nav-text">3.2 启动 client</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#3-3-测试"><span class="nav-number">4.0.3.</span> <span class="nav-text">3.3 测试</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#3-4-mac-使用"><span class="nav-number">4.0.4.</span> <span class="nav-text">3.4 mac 使用</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#4-openvpn服务"><span class="nav-number">5.</span> <span class="nav-text">4. openvpn服务</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#4-1-server-service"><span class="nav-number">5.0.1.</span> <span class="nav-text">4.1 server service</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#4-2-client-service"><span class="nav-number">5.0.2.</span> <span class="nav-text">4.2 client service</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#5-客户端分配固定-IP"><span class="nav-number">6.</span> <span class="nav-text">5. 客户端分配固定 IP</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#6-参考资料"><span class="nav-number">7.</span> <span class="nav-text">6. 参考资料</span></a></li></ol></div>
        
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image"
      src="/images/avatar.jpg"
      alt="Levon">
  <p class="site-author-name" itemprop="name">Levon</p>
  <div class="site-description" itemprop="description">Never Give Up</div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        
          <a href="/archives/">
        
          <span class="site-state-item-count">127</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-categories">
        
          
            <a href="/categories/">
          
        
        <span class="site-state-item-count">34</span>
        <span class="site-state-item-name">分类</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-tags">
        
          
            <a href="/tags/">
          
        
        <span class="site-state-item-count">76</span>
        <span class="site-state-item-name">标签</span>
        </a>
      </div>
    
  </nav>
</div>
  <div class="links-of-author motion-element">
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://github.com/unix2dos" title="GitHub &rarr; https://github.com/unix2dos" rel="noopener" target="_blank"><i class="fa fa-fw fa-github"></i>GitHub</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="mailto:levonfly@gmail.com" title="E-Mail &rarr; mailto:levonfly@gmail.com" rel="noopener" target="_blank"><i class="fa fa-fw fa-envelope"></i>E-Mail</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://twitter.com/levonfly" title="Twitter &rarr; https://twitter.com/levonfly" rel="noopener" target="_blank"><i class="fa fa-fw fa-twitter"></i>Twitter</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://weibo.com/l6241425" title="Weibo &rarr; https://weibo.com/l6241425" rel="noopener" target="_blank"><i class="fa fa-fw fa-weibo"></i>Weibo</a>
      </span>
    
  </div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2020</span>
  <span class="with-love" id="animate">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Levon</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-area-chart"></i>
    </span>
    <span title="站点总字数">507k</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-coffee"></i>
    </span>
    <span title="站点阅读时长">7:41</span>
</div>

        












        
      </div>
    </footer>
  </div>

  
  <script src="/lib/anime.min.js?v=3.1.0"></script>
  <script src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  <script src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
<script src="/js/utils.js?v=7.4.0"></script><script src="/js/motion.js?v=7.4.0"></script>
<script src="/js/schemes/pisces.js?v=7.4.0"></script>

<script src="/js/next-boot.js?v=7.4.0"></script>



  
  <script>
    (function(){
      var bp = document.createElement('script');
      var curProtocol = window.location.protocol.split(':')[0];
      bp.src = (curProtocol === 'https') ? 'https://zz.bdstatic.com/linksubmit/push.js' : 'http://push.zhanzhang.baidu.com/push.js';
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(bp, s);
    })();
  </script>








  <script src="/js/local-search.js?v=7.4.0"></script>














  

  

  

<script>
  function loadCount() {
    var d = document, s = d.createElement('script');
    s.src = 'https://levonfly.disqus.com/count.js';
    s.id = 'dsq-count-scr';
    (d.head || d.body).appendChild(s);
  }
  // defer loading until the whole page loading is completed
  window.addEventListener('load', loadCount, false);
</script>
<script>
  function disqus_config() {
    this.page.url = "https://unix2dos.github.io/p/a84d9911.html";
    this.page.identifier = "p/a84d9911.html";
    this.page.title = 'openvpn搭建虚拟局域网';};
  function loadComments() {
    if (window.DISQUS) {
      DISQUS.reset({
        reload: true,
        config: disqus_config
      });
    } else {
      var d = document, s = d.createElement('script');
      s.src = 'https://levonfly.disqus.com/embed.js';
      s.setAttribute('data-timestamp', '' + +new Date());
      (d.head || d.body).appendChild(s);
    }
  }
    window.addEventListener('load', loadComments, false);
  
</script>

</body>
</html>
